About Subnets Blocking

To block a subnet, you must go to the blacklist of services. Instruction here https://cleantalk.org/help/sfw-blocks-networks

Enter a record of the form 1.2.3.4/16, where

1.2.3.4 - IP address,

/16  - subnet.

In this case / 16 means that any address starting with 1.2 will be blocked.

The resulting record will be 1.2.0.0/16 which means that all the addresses matching the template 1.2.n.m will be blocked, where

n - number from 0 to 256,

m - number from 0 to 256.

Thus, if you specify a subnet

  • /8 all addresses starting with 1.x.x.x will be blocked
  • /16 all addresses starting with 1.2.x.x will be blocked
  • /24 all addresses starting with 1.2.3.x will be blocked
  • /32 all addresses starting with 1.2.3.4 will be blocked (Subnet / 32 corresponds to specifying the exact IP address)

Intermediate values between 8, 16, 24, 32 are calculated as follows:

The subnet mask consists of 32 bits divided into octets (8 bytes each), in fact, it shows the number of units from the beginning in a 32-digit binary number:

The mask /32 will look like this:11111111 11111111 11111111 11111111

The mask /12 will look like this: 11111111 11110000 00000000 00000000

The mask /19 will look like this: 11111111 11111111 11100000 00000000

The mask /2 will look like this: 11000000 00000000 00000000 00000000

The subnet is calculated as follows:

Example with subnet mask /16:

Take the IP you want to blacklist let it be 192.168.1.2 and the mask you specified /16

The mask /16 will look like this:    11111111 11111111 00000000 00000000

The IP address will look like this:          11000000 10101000 00000001 00000010

And multiplication is performed (1*0=0)   11000000 10101000 00000000 00000000

Thus, after translating to the decimal system, the subnet address will become 192.168.0.0, accordingly, all addresses beginning with 192.168 will be blocked.

Input Recording: 192.168.1.2/16 Result: 192.168.0.0/16

Example with subnet mask /21:

Take the IP you want to blacklist let it be 192.168.204.2 and the mask you specified /21

The mask /21 will look like this:    11111111 11111111 11111000 00000000 = 255.255.248.0

The IP address will look like this:          11000000 10101000 11001100 00000010 = 192.168.204.2

And multiplication is performed (1*0=0)   11000000 10101000 11001000 00000000 = 192.168.200.0

Thus, after translating to the decimal system, the subnet address will become 192.168.200.0, accordingly, all addresses beginning with 192.168.200 will be blocked.

Input record: 192.168.204.2/21 Result: 192.168.200.0/21

 

If you still have questions you can always ask our Tech support by creating a ticket https://cleantalk.org/my/support or mailing to welcome@cleantalk.org


Perhaps it would also be interesting